Text only | Text with Images

OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: phab on August 22, 2018, 08:33:12 PM

Title: UDP Broadcast blocked on in-active Interface
Post by: phab on August 22, 2018, 08:33:12 PM
Hi Forum

Background: went from a smoothly running Monowall to Opnsense :P. Having following issue though:

3 x VLANs all running on the physical LAN Interface which itself is not active of course.
BUT - it seems that broadcast get block on the LAN Interface itself:

LAN   Aug 22 20:27:57   10.77.1.238:50508   255.255.255.255:10001   udp   Default deny rule

Bug or Feature?

Goal would be to use 3 vlans for 3 subnets wich different rules and wifi networks, this on a switch port (trunk) which forwards all 3 vlans --> all working allright - just the broadcast.

Should I enable the LAN again within the vlan that the device resides in? Little lost here.

Thanks!
phab

Title: Re: UDP Broadcast blocked on in-active Interface
Post by: phab on August 22, 2018, 08:41:38 PM
And forgot to mention it - of course I cannot create a corresponding fwl rule cause the interface ain't there ...
Title: Re: UDP Broadcast blocked on in-active Interface
Post by: marjohn56 on August 22, 2018, 09:10:41 PM
If you've disabled the LAN then I would say yes. The LAN is the parent interface.
Title: Re: UDP Broadcast blocked on in-active Interface
Post by: phab on August 22, 2018, 09:28:09 PM
The LAN Interface is assigned yes - but not enabled as such, as I only need interfaces with vlans configured. everything else is working though, just not the broadcast.

Is is recommended to have the parent Interface active when just working with interfaces based on vlans?
Does it need to be in a specific vlan? Or can I just assign an unused network like 192.168.1.0 and be done with it?

thanks again
Title: Re: UDP Broadcast blocked on in-active Interface
Post by: marjohn56 on August 22, 2018, 11:21:26 PM
Sorry, I'm misleading you.... I often do that.

The VLANs have been assigned to a specific NIC, and you have set up the statics etc.

Not quite sure how you are connecting to the GUI if you have disabled the LAN?


Here's a Youtube video. It's for an older pfsense version, but the setup is the same principle.


https://www.youtube.com/watch?v=uF13fqQvGCs (https://www.youtube.com/watch?v=uF13fqQvGCs)
Title: Re: UDP Broadcast blocked on in-active Interface
Post by: phab on August 23, 2018, 08:02:00 PM
hey marjohn56

thanks for your answer. Mabye I am not laying it out right:

the broadcast message blocked:
LAN   Aug 22 20:27:57   10.77.1.238:50508   255.255.255.255:10001   udp   Default deny rule

is arriving in on the wrong interface: 10.77.1.0/24 net is assigned to OPT1_VLAN_77 and not the physical LAN interface which of course does not have a VLAN assigned (not possible - or I am starring at the wrong tree in this forrest).

I cannot create a rule for this (wrong netowrk on wrong interface) or assing the LAN to that nework.
Title: Re: UDP Broadcast blocked on in-active Interface
Post by: phab on August 23, 2018, 08:28:24 PM
SOLVED !!!

Seems to have been some weird ARP issue - all switches and & opnsense have been rebooted - now no more bad packets on wrong interfaces

THANKS forum!
Title: Re: UDP Broadcast blocked on in-active Interface
Post by: marjohn56 on August 23, 2018, 09:17:14 PM
Ah.. the old ''have you tried powering off and on again' routine.. 8)
Text only | Text with Images